Defending critical infrastructure is imperative

February 1, 2019

The Cybersecurity Tech Accord’s upcoming webinar and the importance of public-private partnership

Today, cyberattacks from increasingly sophisticated actors threaten organizations across every sector, and whether a Fortune 500 company or a local bakery, organizations of all sizes need to take steps to limit the dangers posed by these threats. This is the core of cybersecurity risk management—understanding potential threats and actively working to mitigate them. But while organizations large and small should protect themselves against such threats, the owners and operators of critical infrastructure have a unique additional obligation to understand risks and improve their cyber resilience in the interests of the communities, and even whole societies, that rely on their industries.

“Critical Infrastructure” refers to the industries and institutions whose continued operation is necessary for the security and stability of a society. Energy, water, and healthcare sectors are often deemed critical infrastructure, as are essential government organizations, transportation sectors, and even entire elections systems. The organizations that own and operate this infrastructure have a responsibility to keep it up and, running in the face of any challenge, require even more careful attention to security, particularly cybersecurity.

It is with this responsibility in mind that we are excited for the upcoming webinar from the senior malware researcher at the IT security firm, ESET, on the latest and most potent cyberthreats to critical infrastructure. The webinar is free to attend and will be hosted by the Cybersecurity Tech Accord on February 4, 2019.

As a signatory to the Cybersecurity Tech Accord, Microsoft is glad to see this diverse coalition of technology companies taking time to address this important issue and highlight the most significant cyberthreats to critical infrastructure. These are the types of challenges that the tech industry should be working collaboratively to address. In fact, Microsoft recently published a white paper titled Risk Management for Cybersecurity: Security Baselines on how policies can improve critical infrastructure protection by establishing outcome-focused security baselines. Such policies mandate how secure critical infrastructure systems must be while allowing industry to innovate and evolve their approaches as necessary to achieve those goals.

Critical infrastructure protection requires cooperation between the public and private sectors because, while the resilience of these sectors is a national security priority, the critical infrastructure itself is most often owned and operated by private industry and dependent on the technologies that are developed and maintained by private companies. In this dynamic, governments play an indispensable role in identifying security needs and standards for success, while industry understands its own technology and how to best meet security objectives.

The benefits of this collaboration are highlighted in the recently published report by the Organization of American States (OAS), developed in partnership with Microsoft, Critical Infrastructure Protection in Latin America and the Caribbean 2018. The report is a tremendous resource for policymakers in the region, as OAS was able to acutely identify the cybersecurity priorities and challenges of its Latin American and the Caribbean member states, while Microsoft was able to provide technical insights on how to best enable critical infrastructure owners and operators to protect their systems based on those priorities.

The upcoming webinar from ESET will doubtlessly shed additional light on the ever-changing nature of cybersecurity threats, especially as they relate to critical infrastructure, further underscoring the importance of cooperative relationships between sectors moving forward. We invite you to attend the live event; and for those who cannot attend on February 4, 2019, the webinar will be recorded and made available on the Cybersecurity Tech Accord website in the days that follow.

For a full list of upcoming webinars, and to access previous sessions on demand, visit the Cybersecurity Tech Accord website.